=====I don’t see the Full Disk Encryption option that was introduced in Ubuntu 12.10 during installation. Will this be included?

Edit by Clem: Yes and No. It won’t be included by default, but you can enable it all the same. Basically we’re using the same version of the installer we used in Linux Mint 13 (an updated version of Ubiquity 2.10). There is a new version available in the Mint repositories (based on Ubiquity 2.12) which features LVM support, full disk encryption and compatibility with secureBoot. You can upgrade the installer from the liveCD prior to the installation to gain access to these new features. We used the older version of Ubiquity because we weren’t fully happy with the stability of the new installer and how late some of these new features got in Ubiquity.=====

I have not tried it, but am curious if anyone else has had any success with Clem's suggestion. If so, could you provide any details of what you did? Thanks.

I've done it. I strongly wanted Mint but I've always used the Ubuntu alternate installer disc because a lack of full disk encryption is a deal-killer for me. Clem's suggestion seemed easy enough. It wasn't. I managed to screw up a dozen attempts and I could fill pages with all the error messages I got trying various things. However, here's what finally worked.

1. Wipe the boot drive. Through mulitple upgrades and reinstalls of Ubuntu, I've found that it's pretty much impossible to upgrade or install any Linux using FDE on a drive that already has anything installed, especially a prior FDE install. A completely clean start on a freshly wiped drive is mandatory. I used a gdisk boot disk and ran

>gdisk 1 /mbr /wipe>gdisk 1 /diskwipe

before starting.

2. Insert the LiveCD and turn on the machine.

3. Open Software Manager and find Ubquity 2.10. Remove it. Just for grins, I opened a terminal and did a

dpkg -P Ubiquity

for good measure. I doubt that step was necessary.

4. Return to the Software Manager window and you'll see that it indicates that if you want to install Ubiquity, it will be version 2.12.16. Click to install.

5. Once 2.12.16 is installed, don't bother with the desktop installation icon. If you click it, it will change to the different, new icon for 2.12.16 but Ubiquity won't actually start. Instead, in the terminal, do

sudo ubiquity

Ubiquity 2.12.16 will start.

6. Follow the prompts to install (check all the right boxes, enter an idiotically long passphrase at the disk setup screen, etc., - all the things you know to do if you're advanced enough to actually appreciate FDE) and reboot when done.

7. After the reboot, you should get a simple screen that requires your passphrase before boot can start. Enter it and it will proceed to boot. Use the machine as normal.

I'm still testing; I may have an addendum later.

Ben

Edited later to add this - All the above work was done with just one drive, my boot drive, hooked up. I have an SSD boot drive. My data is kept on a separate drive. Whenever I upgrade, I copy the needed configs and other files off my boot drive to my data drive, disconnect the data drive, and attempt the new install/upgrade/whatever. That's what I did this time.

After accomplishing the steps outlined above, I shut the machine down, reconnected the data drive, and turned it back on. It wouldn't come on. There was just a blinking cursor at the upper left. I unplugged, re-plugged, and turned it back on. It started, asked for my pre-boot passphrase, accepted it, and fully booted. However, the system now showed a "3.0TB Encrypted" listing where drives are listed. I clicked it and got a dialog asking for the pass to access the drive. I provided it, checked the box telling the computer to remember the passphrase forever, and continued on. Full access to all my data is now restored to me.

Right now, I'm happy as can be. I'll have to figure out why the voice/video sync in vlc is screwed up (no problems in Movie Player) but that's the only problem I've found so far. If you've ever been through the hell of setting up a new FDE install of Ubuntu on a machine with a discrete GeForce video card, a process that works fine until the first re-boot when the video always goes nuts and generally winds up with me doing all sorts of driver installs and manual edits to xconf, the simplicity of this install and the fact that video *just works* in Mint is something that makes me weep with joy.

Thank you so much for taking the time to respond! Much appreciated! I am definitely going to give this a try. [I have a new machine, so I can thankfully experiment a bit without worrying about destroying existing data.]

I have been going back and forth (in my mind) about whether or not to go with Mint 14 or Mint 13 (LTS). For me, too, full disk encryption is a must, so having an install solution I can understand and implement is one of the deciding factors as to whether or not to go with 14 or 13. However, I do like the idea of an LTS release, and with the recent backports of some of the newer 14 features to 13, it is more appealing. I am curious as to whether you considered 13, or just 14. If you did consider 13 (and I understand there are some scripts/instructions for FDE available), what made you decide to go for 14?

Alright, so I gave it a try. The install was pretty easy, and I was able to reboot and successfully enter my passphrase (for FDE). But when I get to the login screen and enter my username and password, the screen goes blank for a few seconds, then some text is displayed (but too quickly for me to read), and then it returns to the login screen as if nothing had happened. I know I'm typing my password correctly because when I don't I get an 'incorrect password' message.

I think it's something to do with Cinnamon. I can change the Session Type to Gnome and it works, but when I use Cinnamon or Cinnamon 2D it doesn't. [Cinnamon works fine with the Live CD.]

gurtz wrote:However, I do like the idea of an LTS release, and with the recent backports of some of the newer 14 features to 13, it is more appealing. I am curious as to whether you considered 13, or just 14. If you did consider 13 (and I understand there are some scripts/instructions for FDE available), what made you decide to go for 14?

I didn't consider 13. I'm a bit of a dummy where all this is concerned so unless there's an option in the installer to overwrite and encrypt the entire disk, I wouldn't consider any Linux distribution. That means I've been using Ubuntu from the alternate install disk for a very long time. I've never really loved Ubuntu. Again, probably it's just my lack of knowledge but the video problems have driven me nuts for years. Always having to keep a window open solely for the purpose of killing the plugin-container process (since my machine hung about 98% of the time there was any Flash on a web page) was tiresome. I had always heard that Mint solved those problems out of the box but since there was no option for FDE, I never considered it. My choices were Ubuntu or Fedora, period.

Then at 12.10, Ubuntu put the FDE options in the graphical installer. I read somewhere that Mint 14 would be based on it and that, presumably, the ability to easily do FDE during the install would be a feature. I downloaded the ISO, along with some others in case I had problems, and started trying to decide if I should switch.

Then I had a system crash so bad I decided that a reinstallation was warranted. From a terminal, I did all my backups to my data drive, then powered down, disconnected the data drive, threw in the Mint 14 disc and powered back up. I was sorely disappointed to see the FDE options in the graphical installer hadn't come over.

After a bit of research, I saw Clem's note to you on the blog. I decided to give it a try. There were bumps in the road, but I got it working.

That's really all the thought that went into it. Until I read your post, I didn't even know that Mint had a system of long term support releases.

As for your failures to start, I installed the 64-bit Cinnamon version and haven't touched the defaults. It's working fine for me. Sorry to hear you're having troubles but until I begin to get a feeling for this distro (which will be a while) I won't have a clue how to help.

Just to clarify, the note from Clem was not a reply to me. Someone else asked the question.

Sorry to hear about your system crash. Very frustrating, I'm sure. I am also a bit of a "dummy" on Linux. I can manage some of the basics, and can follow directions, but the moment something goes wrong or things become too unfamiliar, I become stuck. Oh well, I guess it's all a learning experience.

I've done it. I strongly wanted Mint but I've always used the Ubuntu alternate installer disc because a lack of full disk encryption is a deal-killer for me. Clem's suggestion seemed easy enough. It wasn't. I managed to screw up a dozen attempts and I could fill pages with all the error messages I got trying various things. However, here's what finally worked.

OK, I've used Ben's post to help me set up full-disk encryption. Using a Linux Mint 14 Cinnamon 64 bit DVD, and I also wanted also have Mint auto-encrypt my /home folder but then to relocate it to a separate (second) disk drive. Here's what I did that worked:

STAGE 1 - build encrypted systema. Boot Linux Mint Live CDb. Erase the entire MBR of the target disk (sda in my case), including the partition table (this will destroy the existing partitions on the disk which is what I wanted).

c. In Software Manager, uninstall Ubiquity 2.10 and install Ubiquity 2.12.16 (it also downloads a heap of other stuff, incl KDE files, just ignore it as these don't seem to end up on the built machine)d. In a terminal run sudo ubiquity and step through till you are asked about where to install. Choose the option to set up encrypted LVM.e. If you plan to move your /home folder to a separate disk, then at the user details screen tick 'encrypt home folder'f. Allow installation to proceed till complete, then Reboot when advised.You should now have an encrypted system disk with the /home folder also separately encrypted

STAGE 2 - Move your encrypted home folder to a second drive(I got these notes from another post but can't recall who/where, sorry!)a. To move /home folder to second disk drive (sdb1 in my case, but yours may be different) do as follows:sudo mkfs -t ext4 /dev/sdb1 (new home partition on second disk drive)sudo mkdir /mnt/home (create temporary mount folder)sudo mount /dev/sdb1 /mnt/home (mount the new /home drive at /mnt/home)sudo cd /homesudo rsync -a . /mnt/home (copy all files and folders with permissions from current /home to new /home)

b. Update /etc/fstab to reflect the changes, as follows:Get the drive ID for sdb1 with sudo blkidthen edit fstab: gksu gedit /etc/fstabAdd this line to bottom of the file and save it:UUID=(here insert sdb1's UUID) /home ext4 rw,errors=remount-ro 0 1

c. Reboot and log in.You can remove the temporary folder: sudo rmdir /mnt/homeUse the Disks utility in the Accessories menu to confirm that the second drive is mounted as home.

Hope this helps someone.

NB I have also had the reported problem of a blank screen after booting a newly encrypted disk (it was on an Ubuntu build). An ATI Radeon driver issue in my case. Once i figured out that I just had to type my encryption passphrase and press Enter, I was quite ok with it, kinda liked the idea of it hiding the passphrase prompt!

Last edited by tonywhelan on Mon Dec 03, 2012 2:56 pm, edited 3 times in total.

... I also wanted also have Mint auto-encrypt my /home folder but then to relocate it to a separate (second) disk drive. Here's what I did that worked:

This is great! Thanks so much. I'm in a similar situation in that I also have a second disk that I want to use and encrypt. Though I hadn't gotten around to it, one of my next tasks was to try and work out how to do so. You have saved me a ton of effort.

On a related note, how important would you (and others) say /home encryption is if one already has full-disk encryption? If file and folder permissions were set up correctly, wouldn't it be redundant? That said, I don't really understand all the intricacies, so I might be missing something.

On a related note, how important would you (and others) say /home encryption is if one already has full-disk encryption? If file and folder permissions were set up correctly, wouldn't it be redundant? That said, I don't really understand all the intricacies, so I might be missing something.

If the /home folder is on a different physical disk that is not encrypted, file permissions probably would not be a barrier to someone with technical expertise who is determined to read the data.

I can't comment on using Ubiquity with Mint 13 (as I haven't tried), but I found the following worked well for me (with 13). I used the manual steps (rather than the script) , as I wanted to learn as much as possible about what was being done. Still can't say I fully understand, but it works

I posted the original question about installing on Mint 14, but since then I decided I'd really like a long-term release, so that's why I'm back on 13. My setup is "in process", though, so I may yet change my mind again.

tonywhelan wrote:...I have also had the reported problem of a blank screen after booting a newly encrypted disk (it was on an Ubuntu build). An ATI Radeon driver issue in my case. Once i figured out that I just had to type my encryption passphrase and press Enter, I was quite ok with it, kinda liked the idea of it hiding the passphrase prompt!

Interesting. After showing me the passphrase prompt about half the time for the first couple of weeks, it no longer shows up. I also figured out that all I needed to do was type the passphrase and hit enter. Like you, I rather enjoy the invisible initial prompt. Theoretically, it's a problem but I don't care to fix it.

Just FYI - I find that the passphrase prompt *always* shows up if I boot to the GRUB menu and make a selection.

This worked once but now when I try to reinstall Linux Mint 14 now I just run out of disk space during sudo apt-get install ubiquity

Is there any way to get more space to the live disk, it seems to be slightly but around 400mb free space every time I boot and it worked once...Or is there some way to not include the unecessary things when installing updated ubituity?

EDIT: I did only "sudo install ubiquity-frontend-gtk" after the uninstall and update.It is not done yet but it seems ok and there was a checkbox for LVM encryption and pwd promt in the start...

Would you say encrypting the /home partition using Full Disk Encryption is better than encrypting it manually after Full Disk Encrytion (i. e. using TrueCrypt or dmcrypt)?I am just thinking that if I encrypted it manually, I could keep the /home partition when reinstalling.What do you think?